New AML/CFT Factsheet - June 201712.06.2017
High level review of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) (Amendment) ordinance, 2017, schedule 3 to identify the changes and additions that Senior Management and the Boards of Directors must be aware of.
With the release of the Commission’s Consultation on Revisions to the Bailiwicks AML/CFT Framework on the 09 June 2017, we at Redwood Offshore Limited believe that Senior Management and the Boards of Directors and/or Controllers must be aware of what the enhancements to Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) 1999 Law, amount to. This fact sheet looks at the proposed Schedule 3 of the Law and compares this to the current Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) regulations, 2007 as amended and the Criminal Justice (Proceeds of Crime) (Legal Professionals, Accountants and Estate Agents) (Bailiwick of Guernsey) 2008 as amended, that will be repealed. This will assist Senior Management and the Boards of Directors and/or Controllers establish where they may need to enhance their own AML/CFT framework.
SECTION 2, GENERAL DUTY TO UNDERSTAND, AND ASSESS AND MITIGATE RISKS.
This section provides for the understanding of the Money Laundering and Terrorist Financing risk of the Bailiwick and those faced by the Specified Business. A Specified Business must ensure that it has suitable policies, procedures and controls to;
- Review and Monitor
The Money Laundering and Terrorist Financing risks.
SECTION 3, DUTY TO CARRY OUT RISK ASSESSMENTS.
There must be consideration of all relevant risk factors before determining the following;
- The level of overall risk of the Specified Business
- The appropriate type of and level of, mitigation that is to be applied to the identified risks
It is appropriate that a Specified Business considers the potential risks posed by its
- Countries & Geographical areas
- Products, Services, Transactions, Delivery Channels; and
- Money Laundering and Terrorist Financing risks that may arise in the development of new products before they become available
- New or the developing of technologies before they are adopted by the Specified Business
Customer Risk Assessments must look at the following;
- Type of customer
- Countries & Geographical areas of the business relationship
- Product and Service
- Transactions and/ or Delivery Channels
The Specified Business must understand that the risks individually and collectively may increase or decrease the overall assessment.
The Specified Business must ensure that it has suitable and sufficient policies, procedures and controls to mitigate and manage the risks faced, specifically in respect of the following:-
- The risks identified in the Business Risk Assessment and Customer Risk Assessment
- The relevant risks identified by the National Risk Assessment (which must be incorporated in to the Business Risk Assessment)
The Specified Business must monitor their policies, procedures and controls regarding their implementation and must enhance where required.
The Specified Business must take enhanced measures to manage and mitigate higher risks that have been identified in the Business Risk Assessment.
The Specified Business must have regard to the rules and guidance in the Commission’s Handbook, Notices or Instructions issued by the Commission and the National Risk Assessment.
SECTION 4, CUSTOMER DUE DILIGENCE.
The Specified Business must understand the purpose and intended nature of its business relationships and have evidence to support their understanding
Where the Specified Business is unable to identify a natural person who has the true beneficial ownership, it must identify and verify the person entrusted with the prominent controlling function, such as senior managing officials in respect of the business relationship.
Politically Exposed Person must be classified as Foreign or Domestic.
It is not required to identify and verify shareholders, beneficial owners or underlying principals to a customer or person controlling a customer that is listed on a recognised stock exchange as prescribed by the regulations or is a majority owned subsidiary of such an entity.
A Specified Business must not treat its customer as low risk solely because it has been assessed as such by the business’s risk assessment process.
The meaning of beneficial ownership shall be construed in accordance with the Beneficial Ownership (Definition) Regulations 2017.
SECTION 5, ENHANCED AND ADDITIONAL CUSTOMER DUE DILIGENCE.
When the Customer or Beneficial ownership is a Foreign Politically Exposed Person this must be classified as High risk.
Where a Customer of Beneficial ownership is established or situated in a country or territory that provides:
- Funding or support for terrorist activities, or does not apply or insufficiently applies the Financial Action Task Force standards
- Is otherwise identified as a country otherwise identified by the Financial Action Task Force for which enhanced measures are appropriate
Must be classified as High risk inclusive where the Specified Business also identifies a relation to by high due to its own policies, procedures and controls relating to its risk assessments or where the Commission has issued instructions or warnings.
A Specified Business must Undertake additional due diligence, whether high risk or not, where it has the following customers;
- Non-resident Customer
- Private Banking Services
- A customer that is a legal person or a legal arrangement used for personal asset holding purposes
- Company with nominee shareholders that issues shares in the form of bearer shares
Additional due diligence requires steps prescribed in the rules and guidance of the Commissions Handbook. The Handbook may prescribe for differing steps to be carried out dependent on the business relationship or occasional transaction entered in to with the Customer.
Enhanced customer due diligence has been enhanced to specify the need for high risk relationships to have more frequent and enhanced monitoring. This will include increasing the number and timing of controls applied to the business relationship. The Specified Business must also select patterns of activity and transactions that need to be further analysed and examined.
Enhanced customer due diligence will also now require additional identification data that is specified as the customer’s occupation, identifying the volume of customers assets and publicly available information on the customer.
The Politically Exposed Person definition now also includes a person that has been entrusted with a prominent function by an international organisation.
The Specified Business must ensure that it has regard to any relevant rules and guidance in the Commission’s Handbook in determining what constitutes higher risk business relationships and occasional transactions.
SECTION 6, CUSTOMER DUE DILIGENCE FOR LOW RISK RELATIONSHIPS.
The Specified Business must rate business relationships and occasional transactions as low only when it is in accordance with the paragraph 3(4)(a) of Schedule 3 and in accordance with the National Risk Assessment. A low risk classification must only be applied in accordance with the Handbook. This discretion cannot be applied where there is suspicion of any money laundering or terrorist financing.
SECTION 7, TIMING OF IDENTIFICATION AND VERIFICATION.
This section has been enhanced to ensure that a Specified Business has appropriate and effective policies, procedures and controls in place which operate to manage the risk, including without limitation a set of measures to limit the number and type of transactions that can be performed and the monitoring of large or complex transactions that are outside of the norm expected of the business relationship.
SECTION 8, ACCOUNTS AND SHELL BANKS.
No material changes
SECTION 9, NON-COMPLIANCE WITH CUSTOMER DUE DILIGENCE MEASURES ETC.
No material changes
SECTION 10, INTRODUCED BUSINESS.
This has been enhanced to empower the Specified Business to ensure that the conduct of the introducer is subject to requirements consistent with the Financial Action Task Force recommendations10,11 &12. The Specified Business must also ensure that that the introducer has implemented a programme to combat money laundering and terrorist financing that is consistent with the Financial Action Task Force recommendation 18.
The conduct of the introducer and the group of bodies of which the introducer and the receiving specified business are members, is supervised or monitored for compliance by the Commission or other overseas regulatory body.
SECTION 11, MONITORING TRANSACTIONS AND OTHER ACTIVITY.
This has been enhanced to ensure that a specified business is reviewing the identification data and records to ensure that they are kept up to date, accurate and relevant to Beneficial Owners, underlying Principals and high-risk relationships or customers in respect of whom there is a high risk.
The records of the above must be updated on a timely basis.
The transactions and activities must be monitored to ensure that they are consistent with the knowledge of the customer, the business undertaken and the profile of the customer (including where necessary the source of funds).
A Specified Business must ensure that the extent of monitoring carried out shall be determined on the materiality and risk including whether the business relationship is high risk.
SECTION 12, REPORTING SUSPICION.
No material changes except for the Money Laundering Reporting Officer title changing to the Financial Crime Reporting Officer.
SECTION 13, EMPLOYEE SCREENING AND TRAINING.
No material changes to this except for staff now having to be aware of the enactments of Schedule 3.
SECTION 14, RECORD KEEPING.
This section has been enhanced to include a requirement to keep records of the Business Risk Assessments for a period of 5 years and the customer risk assessment for the business relationship or occasional transaction.
A Specified Business must also keep records of transactions with a customer or introducer including the amounts and types of currency involved.
SECTION 15, ENSURING COMPLIANCE, CORPORATE RESPONSIBILITY AND RELATED REQUIREMENTS.
This brings in to being the requirement for a Specified Business to have a Financial Crime Compliance Officer who must be autonomous.
The Board must ensure that any subsidiaries effectively implement policies, procedures and controls in respect of sharing information (including, but not limited to, customer, account and transaction information) between themselves for the purposes of carrying out due diligence and the forestalling, preventing and detecting money laundering and terrorist financing. The Board must also ensure that the subsidiaries have policies, procedures and controls governing the protection of confidentiality of such information.
The Board must also ensure that the conduct of any agent that a Specified Business uses is subject to the requirements to forestall, prevent and detect money laundering and terrorist financing that is consistent with the Financial Action Task Force recommendations of such an agent.
These enhancements will create the basis for the new Handbook, and Redwood Offshore Limited recommend that Licensees, Prescribed businesses and those registered for AML/CFT purposes, review the proposed Handbook and provide feedback to the Commission, if required.